Digital Forensics, Incident Response & Data Breach Management Services

During this time the scope, scale and complexity of attacks have evolved and as the Security landscape moves, the hackers move with it, often circumventing and exploiting the new security controls implemented by the IT security professionals.

3B Data Security staff have a wealth of experience and expertise having been exposed to a plethora of different incident response scenarios and forensic data breach investigations, - ranging from a cottage industry business run from a home garage to multi-national cross-border blue chip organisations.

Other examples include utility providers, financial service institutions, insurance underwriters, hoteliers, hosting companies, level one merchant retailers, payment service providers, online retailers, gambling/gaming companies and motor manufacturers. We have also worked with and for law-enforcement agencies, the Information Commissioners Office (ICO) and with legal/litigation teams within law firms and solicitors.

Staff members have been certified under the CREST Cyber Security Incident Response (CSIR) scheme and hold the CREST Certified Incident Manager (CCIM) accreditation. In addition, they have also been certified as Core PCI Forensic Investigators (PFI) and Qualified Security Assessors (QSA) by the PCI Security Standards Council.

If you have a cyber security incident, believe you are under attack or have been compromised, then call us immediately for assistance on 01223 298 338 or email us at IR@3BDataSecurity.com.

If you want to take a more proactive and pragmatic approach whilst benefitting from the knowledge and years of experience which the 3B Data Security team possess, then why not speak to us about our Cyber Security Incident Response Retainer Service (CSIRRS). CSIRRS will help arm and prepare your business or organisation with the skills and resources needed to react and respond to a cyber security incident efficiently as it provides you with a 24/7 on-call support helpline, pre-agreed consultancy rates and methodologies, signed contracts and legal documents and proactive security reviews and information sharing sessions.

What would your customers say if they found their data posted on a hacker forum and believed you were the source?

Would you know how to respond if the 10 o’clock news called you for a statement on your data breach?

If you have any doubt to even one of the answers above, then you need sign up to 3B Data Security’s Cyber Security Incident Response Retainer Service (CSIRRS) immediately.

After many years dealing with all types of cyber security incidents and urgent forensic investigations, 3B Data Security have formulated a proactive incident response retainer service that aims to resolve many common problems faced by organisations suffering a data compromise. In effect you learn from all the mistakes made by others before you.

The service is tailored to your organisation and allows you to rest easy knowing help is always on hand and proactive measures are taken to help reduce risk in advance. The service includes:

• A full on-boarding process that includes the confirmation of all agreements, commercials, terms and conditions, legals, procedures and methodologies in advance of any incident occurring
• Access to a 24 hour a day, 365 days of the year support service in the form of email, telephone and onsite support in the event of an incident or investigation requirement
• Methodology and information gathering sharing workshops, reviews of any existing processes relating to incident response and gap analysis summary overview
• Agreed and discounted commercial rates for future related incident response engagements

The advantages to your business or organisation include:

• Reduce the risk of an incident occurring in advance and improve the efficiency and productiveness of the subsequent forensic investigation
• Expertise on-hand 24x7x365 and ready to respond immediately in the event of an incident
• Significant reduction in time taken to react to an incident, as all commercial, contractual and logistical agreements would have already been approved and signed-off in advance
• Dramatically improve responsiveness in the event of an incident, as staff would have been educated on how to deal with and react correctly, in terms of what to do, who to inform, when and how
• Evaluate, conclude and sign off, those critical processes, policies and procedures in advance but in slow time; pre-empt those difficult decisions, answer those difficult questions and find the gaps in the current methodologies before they are called into action
• Improve the overall security posture of your business by demonstrating an effective Incident Response Plan both internally and externally to third parties and clients
• Limit the financial implication and cost to the business of an incident, while also reducing the potential penalties from industry regulators (ICO, FCA, GDPR etc) and help achieve compliance from standardisation bodies (PCI SSC, ISO etc)
• Reduce operational downtime, minimise loss of business productivity and reduce the burden on internal staff and resources, whilst maintaining business independence within the response/investigation scenario

If you want to focus on running your business not on reacting to a forensic or cyber incident; proactively improve the response and investigation process, learn from others mistakes and protect your reputational brand and your customer relations, then sign up to the Retainer Service.

Alongside this 3B Data Security is an approved PCI SSC Qualified Security Assessor Company (QSAC), which enables us to perform PCI Compliance consulting, advisory and audit services to help merchants obtain certification against the Payment Card Industry Data Security Standard (PCI DSS).

Senior team members have been Qualified Security Assessors (QSA) since 2008 and have been investigating cardholder data compromises for Visa and MasterCard since 2007, then subsequently becoming Core PCI Forensic Investigators (PFIs) when the PCI Security Standards Council formed the PCI PFI Program in 2011.

Staff have investigated hundreds of cardholder data breach investigations for all types of organisations large, medium and small, in numerous different environments with ever changing technologies. Additionally the knowledge, experience and relationships gained from being a part of the payment card industry for this length of time helps to distinguish 3B Data Security as a trusted, credible and reliable PCI partner.

If you have suffered a PCI data breach, if you need to obtain or maintain PCI Compliance or simply want to benefit from our years of knowledge in conducting data compromise investigations, then get in contact and we can help you.

We offer tailored first responder and breach management training to both technical and management level staff, based on industry best practise and years of conducting real incident response investigations. The training gives an insight to what will happen when an incident occurs, how you should respond, but more importantly you will be educated with lots of preventative advice, best practise and real life response hints and tips.

Do you want to learn, practise and play out your incident response policies and plans? Perhaps test your staff’s reaction to an incident or simply see what could happen within your organisation (if) when you do get hacked? But don’t want to wait for the hackers to do it for real?

Then utilise the years of knowledge 3B Data Security has in helping businesses react and recover from real life hacking incidents by undertaking a number of ‘mock’ incident response table top exercises. You will be lead through a number of incident scenarios, and as they play out, your people, processes and technologies will be tested in a controlled environment in order to highlight any discrepancies so they can be evaluated, educated and remediated, without the time-critical pressures you face whilst dealing with an actual incident at the same time.

We also offer a Computer Incident Response Public Relations (PR) Planning and Preparation Workshop which helps the business prepare the right PR responses to an incident, find gaps in the current PR Action Plan and deduce a list of playbook scenarios that may need to be considered for creation or amendment. These could be anything from how and when to inform Law Enforcement agencies, first line support / call centre staff, internal development staff, the media, website updates, social media posts, third-parties, acquiring banks or regulators.

3B Data Security staff have conducted both civil and criminal forensic investigations including intellectual property theft, HR / employee misconduct, computer misuse, fraud, money laundering, terrorism, cyber-crime/hacking, malware and financial litigation.

In addition to traditional forensic investigation, 3B Data Security have worked with insurance companies to validate their claims management process, conduct pre-assessment and risk validation for policy underwriters and conduct forensic training courses for corporate IT teams.

In our experience, most digital forensic investigations are initiated reactively, unexpectedly and are often very urgent and time critical. It is with this in mind that the proactive Digital Forensic Retainer Service (DFRS) has been created to help deal with these points and balance the unknown urgency of an incident and increase the ability for the forensic investigation to be conducted as efficiently and quickly as possible so the best outcome can be established. This includes understanding the gaps and weaknesses in the policies and processes, educating staff and first responders, agreeing all the commercials, legal documents and logistics in advance of any potential incident or forensic investigation requirement.

The time saved in understanding the methodologies, agreeing the terms and conditions or simply just knowing who to call could be the difference between a satisfactory conclusion and losing the evidence, losing the case, losing finances and even losing the business’s reputational brand.

If this data is compromised, inadvertently leaked, misplaced or simply stored longer than it should be, the processing entities run the risk of non-compliance and substantial fines from regulators such as the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Credit Card Schemes like Visa, MasterCard, JCB, Discover and American Express.

This is in addition to the reputational risk and brand damage that is caused when an entity hits the news and it is made public that they have suffered a suspected or confirmed data breach. Trying to recover customer confidence and rebuild the reputation in a brand that has been a victim of a data breach is not a simple task, and could be crippling to a business’s future.

Under the Payment Card Industry Data Security Standard (PCI-DSS) and the Data Protection Act (DPA), certain types of data storage are not recommended at all or are prohibited. This data is often stored, be that on purpose, for testing and development of systems, inadvertently by errors in design and coding, legacy systems that have not been fully decommissioned or even stored on legitimate systems by hackers in order to harvest data during an attack.

After managing and forensically investigating hundreds of data breaches over the past decade, 3B Data Security have seen all variations on why data is stored and ultimately compromised by attackers, especially unencrypted cardholder information such as a Primary Account Numbers (PAN), CVV/CVC, cardholder names and addresses.

By proactively searching for unencrypted cardholder data across the computer network environment this data can be located, verified, securely erased and the processes that allow the data to be stored in the first place fixed for the future. This will help your business mitigate against the risks of storing unencrypted cardholder and PII data going forward.

Key responsibilities for the role will include delivering:

• Completing and managing PCI-DSS compliance projects, scope analysis and conducting audits and reporting
• Gap Analysis Workshops
• Information Security Audits and Assessments
• GDPR Consulting
• ISO27001 Consulting
• Cyber-Risk Assessments
• Virtual CSO client engagements
• Cyber/Security Awareness Training
• Input into the on-going development of the 3B Data Security services portfolio

The successful candidate should have the following experience and key skills:

• Proven experience of conducting “hands on” PCI-DSS Audits, RoCs and Gap Analysis workshops
• Experience within Information/Operational Security and Risk Management
• Currently hold the Qualified Security Assessor (QSA) accreditation
• Proven track-record of being able to liaise with customers at both a technical and business level
• Excellent technical understanding of IT infrastructure (networks, servers, databases, software applications etc.)
• Awareness and interest Digital Forensics

Additionally an understanding and experience of GDPR and/or ISO 27001 will be advantageous.

The role is flexible in that it can be either home or office (Cambridge) based, with client site visits throughout the UK and Europe. Salary and package will be dependent on previous experience, attitude and future potential to grow within the role/company.

If you are interested in finding out more information regarding this exciting opportunity, then please send your CV and a covering letter (demonstrating why you are the right candidate) to: Jobs@3BDataSecurity.com

The candidate will need to have a good consulting background, be at ease when dealing with customers, be self-motivated and able to work unsupervised and deal with incidents at short notice.

Salary and package will be dependent on previous experience, attitude and future potential, the role will be based predominantly from the Cambridge office, with some home working where necessary, and will involve some travel throughout the UK and Europe.

The role can and will encompass a variety of topics including PCI DSS, security training, incident response, digital forensics, PCI and corporate breach investigations. Anything from forensic investigative tasks, conducting ‘on-site’ consultancy, acquisition of forensic evidence, report writing, developing new business, training clients, writing code and hacking code.

Other topics you may get exposed to include security assessments, malware analysis, litigation support, cardholder data discovery, penetration testing, code analysis, program tool development and training.

Where required training and hands on practical work in the areas of information security, forensics, and PCI-DSS will be provided, however this role is for an experienced forensic professional. Applicants must be flexible, proactive, self-starting and able to work as part of a team and independently.

The following skills are essential, applicants should have experience of commercial digital forensics, incident response, general information security as well as:

• Experience of conducting forensic imaging and acquisition of computer and storage media both dead box, live and remotely
• Experience with standard forensic toolsets and mainstream commercial tools e.g. EnCase, FTK, DD, WFT, Nuix, Incident Response Tools, Linux Forensic tools etc
• Experience with different operating systems such as Linux / Windows / Mac Operating
• Experience of analysing forensic evidence, report writing and the ability to communicate complex technical data to the lay person is also a must have
• The role will also include onsite customer visits, so the applicant must have the ability to travel, sometimes at short notice and may include overnight stays when necessary

The following skills are desirable but not essential:

• Knowledge of Security Operation Centres (SOCs)
• Incident Response / First Responder Training
• Experience of conducting PCI DSS Audits and knowledge of the PCI Data Security Standard
• Knowledge of programming
• Experience of infrastructure penetration testing, web application penetration testing, host based audits, configuration / code / architecture reviews
• Malware analysis and reverse engineering

If you are interested in finding out more information regarding this exciting opportunity, then please send your CV and a covering letter (demonstrating why you are the right candidate) to: Jobs@3BDataSecurity.com